lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: Tim.Saunders at aquilauk.co.uk (Tim Saunders)
Subject: Just when you thought Macafee stuff was safe!

It's the on-access scanner that has the problem when you try to do
anything with the downloaded file. Even if you are only copying it to
another PC.

I would accept it cannot scan the contents of such a large compressed
file if it didn't crash and leave the on-access scanner disabled.

Tim

> -----Original Message-----
> From: gregh [mailto:chows@...mail.com.au] 
> Sent: 23 September 2003 22:52
> To: Tim Saunders; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Just when you thought Macafee 
> stuff was safe!
> 
> 
> 
> > ----- Original Message -----
> > From: "Tim Saunders" <Tim.Saunders@...ilauk.co.uk>
> > To: "gregh" <chows@...mail.com.au>; 
> <full-disclosure@...ts.netsys.com>
> > Sent: Wednesday, September 24, 2003 1:14 AM
> > Subject: RE: [Full-Disclosure] Just when you thought 
> Macafee stuff was
> safe!
> 
> 
> > Or if your users have McAfee Virus scan wait for them to download a
> > large compressed file, I find zips of oracle CDs from 
> partner.oracle.com
> > do nicely. Now watch McAfee crash as it tries to scan the 
> contents of
> > the zip and times out (I believe) thus leaving the machine nice and
> > vulnerable since it doesn't auto restart. Any 300MB+ Zip, .tar.gz,
> > .cpio.gz etc seems to work. Smaller files may also work depending on
> > your machine.
> 
> Tim,
> 
> Gotta say I don't have that problem with Macafee stuff. I 
> have 98 and XP
> machines that have anywhere from 500meg files to, in 2 cases, 2gig
> compressed files sitting on them and what you say has never 
> happened even
> once in a scheduled scan. I never allow any virus scanner to 
> scan incoming
> compressed files. I only allow them to scan when I save to disk from
> attachment and that hasn't ever been a problem, either.
> 
> Greg.
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ